cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WPA2 Enterprise Profile

Highlighted
Kind of a big deal

WPA2 Enterprise Profile

Not sure if your org uses WPA2 Enterprise to have user authenticate onto your network. We have been testing it out and really like it. Our current way is just pushing our wireless credentials during DEP, but with iOS 11 and WiFi sharing we have been asked to re-evaluate our practices.

 

Thoughts? How are you doing it?

Find this helpful? Click the kudos button. Thanks!
2 REPLIES 2
Highlighted
Kind of a big deal

Re: WPA2 Enterprise Profile

If you value security you want to stick with WPA2-Enterprise mode.

 

It is the only practical way of being able to easily prevent individual users from connecting to your network as people start and finish with your company.

Highlighted
Meraki Employee

Re: WPA2 Enterprise Profile

Generally speaking, the #1 best and common practice is WPA2-Enterprise which leverages 802.1X/EAP with a RADIUS server which in turn queries an external LDAP database (very commonly AD).  This covers everything you need with respect to AAA, mutual tunneled authentication, RBAC, and a variety of EAP types to fit various requirements, and to handle both wired and wireless use cases.  You mentioned DEP and iOS 11 so if you have it, RADIUS can also query Open Directory.  And if you're using Meraki Systems Manager you can also leverage that for things like client certificate distribution to implement EAP-TLS, without the need to stand up your own PKI or do all the cumbersome certificate management.  Anyway, definitely read up on 802.1X/EAP and RADIUS to plan out your AAA services on your network. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels